| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Oct 2017 14:24:19 -0400
From: Roman Mashak <mrv@...atatu.com>
To: stephen@...workplumber.org
Cc: netdev@...r.kernel.org, jhs@...atatu.com,
Roman Mashak <mrv@...atatu.com>
Subject: [PATCH iproute2 v2 1/1] ip netns: use strtol() instead of atoi()
Use strtol-based API to parse and validate integer input; atoi() does
not detect errors and may yield undefined behaviour if result can't be
represented.
v2: use get_unsigned() since network namespace is really an unsigned value.
Signed-off-by: Roman Mashak <mrv@...atatu.com>
---
ip/ipnetns.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index afb4978..bad7933 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -700,7 +700,8 @@ static int netns_set(int argc, char **argv)
{
char netns_path[PATH_MAX];
const char *name;
- int netns, nsid;
+ unsigned int nsid;
+ int netns;
if (argc < 1) {
fprintf(stderr, "No netns name specified\n");
@@ -711,7 +712,8 @@ static int netns_set(int argc, char **argv)
return -1;
}
name = argv[0];
- nsid = atoi(argv[1]);
+ if (get_unsigned(&nsid, argv[1], 0))
+ invarg("Invalid \"netnsid\" value\n", argv[1]);
snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
netns = open(netns_path, O_RDONLY | O_CLOEXEC);
--
1.9.1
Powered by blists - more mailing lists